Don't show users tools they can't access #35

bengerman13 · 2021-03-26T00:06:15Z

In order to improve user experience, we want to hide OpenSearch apps users don't have access to.

Acceptance Criteria

GIVEN an app shows up in the menu
WHEN I click on it
THEN I should not receive a permissions error
GIVEN I do not have permissions for an app
WHEN I look for it in the menu
THEN I should not see it

This should not change security, only user experience

set the cluster permissions appropriately for our roles and each path/plugin
- Might be something to be done via the API rather than deployment config
Consider what features we can add/support
We can use the Security API to write tests

markdboyd · 2023-08-30T15:12:39Z

Unfortunately, there is no granular system for showing menu links based on user permissions: opensearch-project/security-dashboards-plugin#857.

So this issue is blocked until Opensearch implements some sort of granular permissions system for menu links.

mogul added the epic:logging-auth See https://github.com/cloud-gov/product/issues/1725 label Apr 18, 2022

mogul changed the title ~~Hide apps without permissions~~ Don't show users tools they can't access May 12, 2022

mogul added the squad-observability label Jul 20, 2022

markdboyd added the squad-success label Jun 16, 2023